From 1c3657394050433af00675ec97c0b658578ea5e1 Mon Sep 17 00:00:00 2001
From: huabing zhao
Date: Fri, 23 Feb 2024 11:20:18 +0800
Subject: [PATCH] keep the original HashString for backward compatibility
Signed-off-by: huabing zhao
---
 internal/gatewayapi/securitypolicy.go | 2 +-
 .../kubernetes/proxy_serviceaccount_test.go | 4 ++--
 .../provider/kubernetes/kubernetes_test.go | 5 ++--
 internal/utils/misc.go | 23 ++++++++++++++-----
 internal/utils/misc_test.go | 6 ++---
 5 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
index e2121cdfcab..abb274e6b08 100644
--- a/internal/gatewayapi/securitypolicy.go
+++ b/internal/gatewayapi/securitypolicy.go
@@ -493,7 +493,7 @@ func (t *Translator) buildOIDC(
 }
 // Generate a unique cookie suffix for oauth filters
- suffix := utils.Digest(string(policy.UID))
+ suffix := utils.Digest32(string(policy.UID))
 return &ir.OIDC{
 Provider: *provider,
diff --git a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
index 49f7c798372..0cde399a2df 100644
--- a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
+++ b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
@@ -54,7 +54,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
 },
 ObjectMeta: metav1.ObjectMeta{
 Namespace: "test",
- Name: "envoy-test-afd071e5",
+ Name: "envoy-test-9f86d081",
 Labels: map[string]string{
 "app.kubernetes.io/name": "envoy",
 "app.kubernetes.io/component": "proxy",
@@ -103,7 +103,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
 },
 ObjectMeta: metav1.ObjectMeta{
 Namespace: "test",
- Name: "envoy-test-afd071e5",
+ Name: "envoy-test-9f86d081",
 Labels: map[string]string{
 "app.kubernetes.io/name": "envoy",
 "app.kubernetes.io/component": "proxy",
diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go
index 301b7d392c2..cc28f0d8497 100644
--- a/internal/provider/kubernetes/kubernetes_test.go
+++ b/internal/provider/kubernetes/kubernetes_test.go
@@ -37,6 +37,7 @@ import (
 "github.com/envoyproxy/gateway/internal/gatewayapi"
 "github.com/envoyproxy/gateway/internal/message"
 "github.com/envoyproxy/gateway/internal/provider/kubernetes/test"
+ "github.com/envoyproxy/gateway/internal/utils"
 )
 const (
@@ -881,7 +882,7 @@ func testHTTPRoute(ctx context.Context, t *testing.T, provider *Provider, resour
 }, defaultWait, defaultTick)
 // Ensure the test HTTPRoute in the HTTPRoute resources is as expected.
- key := utils.NamespacedName(testCase.route)
+ key := utils.NamespacedName(&testCase.route)
 require.Eventually(t, func() bool {
 return cli.Get(ctx, key, &testCase.route) == nil
 }, defaultWait, defaultTick)
@@ -1029,7 +1030,7 @@ func testTLSRoute(ctx context.Context, t *testing.T, provider *Provider, resourc
 }, defaultWait, defaultTick)
 // Ensure the test TLSRoute in the TLSRoute resources is as expected.
- key := utils.NamespacedName(testCase.route)
+ key := utils.NamespacedName(&testCase.route)
 require.Eventually(t, func() bool {
 return cli.Get(ctx, key, &testCase.route) == nil
 }, defaultWait, defaultTick)
diff --git a/internal/utils/misc.go b/internal/utils/misc.go
index 9f975ea7e87..6e434660de6 100644
--- a/internal/utils/misc.go
+++ b/internal/utils/misc.go
@@ -6,6 +6,7 @@
 package utils
 import (
+ "crypto/sha256"
 "fmt"
 "hash/fnv"
 "strings"
@@ -25,20 +26,30 @@ func NamespacedName(obj client.Object) types.NamespacedName {
 // GetHashedName returns a partially hashed name for the string including up to the given length of the original name characters before the hash.
 // Input `nsName` should be formatted as `{Namespace}/{ResourceName}`.
 func GetHashedName(nsName string, length int) string {
- hashedName := Digest(nsName)
+ hashedName := Digest256(nsName)
 // replace `/` with `-` to create a valid K8s resource name
 resourceName := strings.ReplaceAll(nsName, "/", "-")
 if length > 0 && len(resourceName) > length {
 // resource name needs to be trimmed, as container port name must not contain consecutive hyphens
 trimmedName := strings.TrimSuffix(resourceName[0:length], "-")
- return fmt.Sprintf("%s-%s", trimmedName, hashedName)
+ return fmt.Sprintf("%s-%s", trimmedName, hashedName[0:8])
 }
- return fmt.Sprintf("%s-%s", resourceName, hashedName)
+ // Ideally we should use 32-bit hash instead of 64-bit hash and return the first 8 characters of the hash.
+ // However, we are using 64-bit hash to maintain backward compatibility.
+ return fmt.Sprintf("%s-%s", resourceName, hashedName[0:8])
 }
-// Digest returns a 32-bit hashh of the input string.
-// The hash is represented as a capitalized hexadecimal string.
-func Digest(str string) string {
+// Digest256 returns a sha256 hash of the input string.
+// The hash is represented as a hexadecimal string of length 64.
+func Digest256(str string) string {
+ h := sha256.New() // Using sha256 instead of sha1 due to Blocklisted import crypto/sha1: weak cryptographic primitive (gosec)
+ h.Write([]byte(str))
+ return strings.ToLower(fmt.Sprintf("%x", h.Sum(nil)))
+}
+
+// Digest32 returns a 32-bit hash of the input string.
+// The hash is represented as a hexadecimal string of length 8.
+func Digest32(str string) string {
 h := fnv.New32a()
 _, _ = h.Write([]byte(str))
 return fmt.Sprintf("%x", h.Sum32())
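Review bot: The comment added above the last return in GetHashedName calls Digest256 a "64-bit hash", but it is SHA-256 and both returns keep only `hashedName[0:8]`, which is 32 bits, so the suffix is a short naming tag rather than a collision-resistant identifier. I would move the explanation to the function's doc comment so it also covers the trimmed branch, as `// The suffix is the first 8 hex characters (32 bits) of SHA-256(nsName), kept so existing resource names do not change.` In Digest256, `strings.ToLower` is redundant because `%x` already prints lowercase, and the bare `h.Write` differs from the `_, _ = h.Write` used in Digest32; `return fmt.Sprintf("%x", sha256.Sum256([]byte(str)))` gives the same string. The Digest32 doc promises length 8, yet `%x` on `h.Sum32()` is not zero-padded, so "at most 8 characters" would be accurate without changing existing values. Digest32's closing brace lies outside the hunk.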
diff --git a/internal/utils/misc_test.go b/internal/utils/misc_test.go
index 43967813867..5955f28aecd 100644
--- a/internal/utils/misc_test.go
+++ b/internal/utils/misc_test.go
@@ -18,9 +18,9 @@ func TestGetHashedName(t *testing.T) {
 length int
 expected string
 }{
- {"test default name", "http", 6, "http-c96448a5"},
- {"test removing trailing slash", "namespace/name", 10, "namespace-3c4f601e"},
- {"test removing trailing hyphen", "envoy-gateway-system/eg/http", 6, "envoy-128ffda5"},
+ {"test default name", "http", 6, "http-e0603c49"},
+ {"test removing trailing slash", "namespace/name", 10, "namespace-18a6500f"},
+ {"test removing trailing hyphen", "envoy-gateway-system/eg/http", 6, "envoy-2ecf157b"},
 }
 for _, tc := range testCases {